Tools for Security Troubleshooting

Question 1

Anti-virus and anti-malware software

Answer 1

• Stop malicious software from running

* Keep your signatures updated

Question 2

Recovery Console / Command Prompt

Answer 2

• Use, copy, rename, or replace OS files and folders
• Enable or disable service or device startup
• Remove malicious software components
• Windows Vista/7
  
  • System Recovery Options / Command Prompt
• Windows 8/8.1
  
  • Troubleshoot / Advanced options / Cmd Prompt

Question 3

System Restore

Answer 3

• Go back-in-time to correct problems
• Windows Vista and 7:
  
  • All Programs / Accessories / System Tools / System Restore
• Windows 8/8.1:
  
  • Control Panel / System / Advanced System Settings
• Doesn’t guarantee recovery from malware

Question 4

Windows Refresh (Windows 8/8.1)

Answer 4

• Reinstall Windows

* Keep your personal files and settings

Question 5

LVM (Linux Logical Volume Manager) snapshots

Answer 5

• The Linux version of Windows System Restore
• Common on high-availability servers
• Works very quickly
  
  • Initial snapshot is comprehensive
  • Only snapshots what’s changed
• Restore from the snapshot
  
  • Many different file versions and points in me

Question 6

Windows Pre-installation (PE) environments

Answer 6

• A minimal Windows operating environment
• Resolve security issues, copy and recover data
• Create your own Windows Anti-malware boot disk

Question 7

Event Viewer

Answer 7

• Central event consolidation
• Get details around security events
• Authentication and application information

Question 8

MSCONFIG / System Configuration

Answer 8

• Safe boot: Minimal
• Safe mode GUI with minimal services, no network
• Safe boot: Alternate shell - with minimal services
• Safe boot: Active Directory repair
• Safe boot: Network - File explorer in safe mode